I would like to use the quick fix solution to patch the security issue with the UmbRegisterController. The suggestion is to download the custom code from here, which should be added to the App_Code folder.
Can anybody tell me please if all I need to do is to just drop this code as a new class in the App_Code folder or do I need to reference it from my code where the UmbRegisterController is being used?
6.2.0-6.2.6 (any v6 site since 6.2.0)
7.0.0-7.14.0 (any v7 site since 7.0.0 and lower than 7.15.0)
8.0.0-8.0.2 (any v8 site since 8.0.0 and lower than 8.1.0)
Security Advisory 9.7.19
Hi,
I would like to use the quick fix solution to patch the security issue with the UmbRegisterController. The suggestion is to download the custom code from here, which should be added to the App_Code folder.
Can anybody tell me please if all I need to do is to just drop this code as a new class in the App_Code folder or do I need to reference it from my code where the UmbRegisterController is being used?
Thanks!
Hi
A new class in App_Code should be fine. the file contains everything it needs to register and run at startup.
Kevin
That's great, thanks Kevin for your help!
Hi all,
we've also created a .dll that contains the fix. Just copy over this into your bin-folder and you're ready:
For version 6: https://downloads.perplex.eu/umbracosecurityfix/UmbracoSecurityPatch20190709v6.dll
For version 7: https://downloads.perplex.eu/umbracosecurityfix/UmbracoSecurityPatch20190709v7.dll
Happy patching!
Jeffrey
Hi Jefferey,
Just want to let you know. I have just tried your links and they return in 404, it seems only to take half of the link when you click at it.
So maybe you should make a short link or so.
All the best,
/Dennis
Thanks for testing it out. I've updated the url's and now they work!
Hi Jeffrey,
You are welcome. I have now tried to download the files again and its working just fine now.
/Dennis
Is this fix recommended for all Umbraco installations or just those using certain functionality? Didn't see a post or email about it.
Hi Amir,
it was over here: https://umbraco.com/blog/security-advisory-july-9th-2019/.
Versions affected are:
hey there,
i've applied the fix to a site but out of interest, how are people testing that the fix is actually working? i'm not seeing any urls mentioned in the https://umbraco.com/blog/security-advisory-july-9th-2019/
i'm guessing it's a case of making a post and making sure a 404 is returned?
any pointers would be great!
cheers,
jake
is working on a reply...